Description
Currently, local_cert and local_pk in the stream context are not checked to see whether they are under the open_basedir restriction. This should probably be fixed only in master, as it is not usually a big issue considering that those certs / keys are basically read only, and some flows might have relied on them being in the system path, so we don't want to break them in a patch release. However, we should still conform to the open_basedir rules and prohibit it in the master branch.
The following code:
<?php
// cert path (existing cert)
$local_cert= "$file_path/cert/local.pem";
ini_set('open_basedir', "$file_path/cert");
$serverCtx = stream_context_create(['ssl' => [
    'local_cert' => $local_cert
]]);
var_dump($serverCert);
Resulted in this output:
But I expected this output instead:
possibly warning
bool(false)
PHP Version
Any
Operating System
Any
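Until such a check exists in the engine, an application can apply the restriction itself before building the context. The following is an added example, not php-src code and not from the report: the function names are hypothetical, the demo files are constructed placeholders, and it assumes that `fopen()` on a plain path enforces open_basedir.

```php
<?php
// Added example, not php-src code. Function names are hypothetical.

/** ssl context options that the report says are not checked against open_basedir. */
const TLS_FILE_OPTIONS = ['local_cert', 'local_pk'];

/**
 * True if PHP's filesystem layer will open $path for reading.
 * fopen() on a plain path enforces open_basedir, so a path outside the
 * allowed directories fails here even if the ssl option would accept it.
 */
function tls_path_allowed(string $path): bool
{
    $handle = @fopen($path, 'rb'); // @: the open_basedir warning is expected
    if ($handle === false) {
        return false;
    }
    fclose($handle);
    return true;
}

/** Build an ssl stream context, refusing file options outside open_basedir. */
function create_checked_tls_context(array $sslOptions)
{
    foreach (TLS_FILE_OPTIONS as $name) {
        if (!isset($sslOptions[$name])) {
            continue;
        }
        if (!is_string($sslOptions[$name]) || !tls_path_allowed($sslOptions[$name])) {
            throw new RuntimeException("ssl option '$name' is not readable under open_basedir");
        }
    }
    return stream_context_create(['ssl' => $sslOptions]);
}

// Constructed demo: a throwaway directory with one allowed and one blocked file.
$base = sys_get_temp_dir() . '/tls_demo_' . getmypid();
mkdir("$base/cert", 0700, true);
file_put_contents("$base/cert/local.pem", "placeholder, not a real certificate\n");
file_put_contents("$base/outside.pem", "placeholder, not a real key\n");
ini_set('open_basedir', "$base/cert");

var_dump(is_resource(create_checked_tls_context(['local_cert' => "$base/cert/local.pem"])));
try {
    create_checked_tls_context(['local_cert' => "$base/cert/local.pem", 'local_pk' => "$base/outside.pem"]);
} catch (RuntimeException $e) {
    echo $e->getMessage(), "\n";
}
```

The check and the later load by the TLS layer are separate file opens, so this wrapper does not cover a file that is replaced between the two. The demo leaves its temporary files in place, because the tightened open_basedir no longer allows removing the one outside it.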